As it is known in cryptology, encryption techniques (codification) using standard and evolving algorithms or computerized computations are used so that data exposed to undesirable third parties are encrypted making it difficult (and intended to be impossible) for an unauthorized third party to see or use it. Usually, for encryption, the term ‘plaintext’ refers to a text which has not been coded or encrypted. In most cases the plaintext is usually directly readable, and the terms ‘cipher-text’ or ‘encrypted text’ are used to refer to text that has been coded or “encrypted”. Encryption experts also assert that, despite the name, “plaintext”, the word is also synonymous with textual data and binary data, both in data file and computer file form. The term “plaintext” also refers to serial data transferred, for example, from a communication system such as a satellite, telephone or electronic mail system. Terms such as ‘encryption’ and ‘enciphering’, ‘encrypted’ and ‘ciphered’, ‘encrypting device’ and ‘ciphering device’, ‘decrypting device’ and ‘decipher device’ have an equivalent meaning within cryptology and are herein used to describe devices and methods that include encryption and decryption techniques.
It is well known that a large number of encryption schemes have been used for at least the last 100 years and deployed more frequently since the onset of World Wars I and II. Since the beginning of the cold war, the “cat and mouse” spy missions have further promulgated the need for secure encryption devices and associated systems. Known encryption systems for these devices include the “Data Encryption Standard” (“DES”), which was initially standardized by the “American National Bureau of Standards”, currently “National Institute of Standards and Technology” (“NBS” or “NIST”) in the United States. Another includes the “Fast data encipherment algorithm FEAL” (FEAL) developed later in Japan, and described in the IECEJ Technical Report IT 86-33. U.S. Pat. No. 5,214,703 entitled “Device for the Conversion of a Digital Block and Use of Same” describes the use of additional devices as does an encryption device described in U.S. Pat. No. 5,675,653 entitled “Method and Apparatus for Digital Encryption”. In most cases, the user making use of protecting the data after encryption or enciphering of a plaintext has delegated the strength of the invulnerability of the encryption to be positioned in front of an enemy attack. This positioning is aimed to discover the contents of the cipher text or the encryption key used, trusting in the organizations, institutions, or experts endorsing their security and providing a degree of confusion and diffusion of values introduced by the encryption device used in the cipher text. The user encrypting a particular plaintext has no objective security regarding the degree of confusion and diffusion of values present in a cipher text that result from the application of the encryption device.
Randomization of an input block has been previously addressed as in the device described in U.S. Pat. No. 4,850,019 entitled “Data randomization equipment”, invented by Yokosuka Akihiro Shimizu and Yokohama Shoji Miyaguchi, both of Japan, in which two plaintext encrypting devices are presented. In both cases the randomization of data which they refer to is performed according to individual 64 bits data blocks provided as input data. This is described in the patent description where it is stated that “final channel data obtained after function and transform operations are combined by combining means to produce randomized data corresponding to the input data.” Properties and features of the randomization lie in the input data block, in the encryption key, and in the operations and transformations that the device carries out in the 64 bit data block provided as input data. It is also stated that for this invention, both a 64-bit encryption key for the first encrypting device, and a 128-bit encryption key for the second is utilized.
The encryption device in U.S. Pat. No. 5,214,703 entitled “Device for the conversion of a digital block and use of same”, invented by James L. Massey, and Xuejia Lai, both of Switzerland, is another such device that also uses well-known diffusion and confusion techniques, but the cipher text message that results from its application presents no properties to provide objective measures, by the user. Here, the degree of confusion and diffusion of values presented in the cipher text message and, as it happened with the abovementioned device, the confusion and diffusion introduced refers to the 64-bit data block provided as input for encryption. In the description of this patent it is clear that “it (encryption) can be proven when the quantity of four operations is a minimum for meeting the object of diffusion”, and relegating to experts, organizations or institutions, their appraisal of the degree of diffusion and confusion introduced into the ciphertext resulting from its application. Such a device makes use of a 128 bit encryption key.
Another example of an encrypting device utilizing useful scrambling techniques resulting in ciphertext is provided in U.S. Pat. No. 5,675,653 entitled “Method and Apparatus for Digital Encryption”, invented by Nelson Douglas Valmore, Jr. In this patent it is concluded that people with knowledge in cryptology will recognize that typical digital encryption usually uses two well-known techniques; substitution and transposition. For the devices described in this patent the invention does not yield ciphertext that is possible for a layperson to verify in an objective manner without understanding the scramble achieved in the resultant ciphertext.
The device in patent application WO 99/57845 A, entitled “Randomization-encryption system”, published 11 Nov. 1999, occasionally generates randomized text as ciphertext that substantially presents random number sequence properties, so that the degree of diffusion and confusion of values in the randomized-encrypted text introduced by the encryption key used can be checked in an objective way. The randomization of the ciphertext depends on the plaintext that it is encrypted and on the selected encryption key. Such device do not allow advanced knowledge that any encryption key with any plaintext can generate a cipher text that complies with the at random number sequence properties. This also forces the user to obtain an explicit evaluation to know if the maximum degree of diffusion and confusion values is being implemented. Therefore, in the case that the cipher text does not comply with the random number sequence properties and later to the explicit evaluation, it is necessary to select a new encryption key for use and to repeat the randomization-encryption process if the user wants the randomized-encrypted text to have the maximum confusion and diffusion properties. This includes disadvantages inherent in the selection of a different encryption key for a particular plaintext (set) and the increase of different encryption keys that can be forced to work for proper decryption. Furthermore, in the case of large plaintext, the probability that the entire resultant encrypted text complies with the random number sequence properties are lower, so that the user may have to repeat this process to achieve successful encryption/decryption.
It is worth mentioning, that the existence of ciphering devices that operate according to the input data, can be either the encryption key or the plaintext message data. Some examples of these include the ciphering device of U.S. Pat. No. 4,157,454 entitled “Method and System for Machine Enciphering and Deciphering”, invented by Wolfram Becker, that shows an enciphering algorithm with rotations depending on the used encryption key, as well as the ciphering device in U.S. Pat. No. 5,724,428 entitled “Block encryption algorithm with data-dependent rotations”, invented by Ronald L. Rivest, This device makes use of rotations according to the input data and intermediate encryption results in order to determine the quantity of each data rotation being encrypted.
These encrypted and decrypted data and data communications require special encryption techniques essential to denying fraudulent or otherwise unauthorized third parties with the ability to access sealed encrypted transmissions for data at rest as well as for data on the move.
The use of encryption devices by the general population is becoming very common in for example, commercial electronic transactions and/or electronic mail. A predominant portion of all societies want to believe in an objective, easily verified way, that the maximum degree of the diffusion and confusion (encryption) of data and data values provided by a system they are using to encrypt their data, is the superior set of encrypted devices and system.
Forward Data Transmission with Encrypted Sub-Channels
In many cases, the use of encryption devices are enhanced with the use of forward error correction coding. Forward error correction coding expands data (data strings, data sets, etc.) and places check sums (using American Standard Code for Information Interchange (ASCII) and Extended Binary Coded Decimal Interchange Code (EBCDIC)) into “translation tables” which utilize binary numbers to represent letters or other symbols for encoding and encryption. One object of this technique is to try sharing encrypted data between at least two (2) parties using some type of open standard with either the same language or a binary standard.
Assuming that the transmission stream is performing in a proper fashion, the use of forward error encoding and the use of sub-channels can provide a false impression that useful and uncorrupted (“good”) data appears as not useful and corrupted (“bad”) data. There are several techniques which could provide this false impression and thereby deter or eliminate the possibility that a potential third party impersonator or thief could access the actual (original) transmission. Our system provides the ability to inject intentionally disguised (erroneous) data into the forward error correction encoded data by intentionally injecting this disguised erroneous data into the original transmission of the original data or original signals. This system requires that the injection of these errors does not exceed a threshold associated with the data transmission. The receiving end for the transmission will then correct for the errors by separating these errors from the original data transmission. In operating a system in this manner, it is possible to repair the original data/signals, and thereby obtain the original intended data/signals and recover the errors/disguised/erroneous data into a separate transmission stream. This separate transmission stream is described herein as a sub-channel.
By combining the sub-channel with the forward error corrected data, the sub-channel transmission appears as “noise” or a scrambled transmission (similar to the diffusion and confusion described in the background section above). This “noisy” data, can now itself be encrypted, which prescrambles the data/signal transmission before the transmission enters the encrypter. Essentially, the transmission data is “premixed” before entering an encrypter device.
Using this technique and encrypter device allows for effectively and significantly increasing the strength of the encryption. There is a limit regarding how much intentionally erroneous appearing data can be injected or infused into the transmission. If random numbers are provided, even if the same data is “randomized” on multiple occasions, randomness will continue to be transmitted and received. Randomizing the data equates to ensuring that there is no repeating pattern used to mask or disguise the original transmission. In this manner, a random number input to the sub-channel so that the sub-channel then supports its own logic set that spreads the data rate or data length over the sub-channel, for instance, would allow for encryption and decryption by the sub-channel provider. Instead of injection a set of random numbers, the sub-channel provider could inject other data that is completely unrelated to the original transmission. This could include, for example, temporal (time related) data, message authorization codes, user IDs, etc.
Because the sub-channel is being used to inject the encryption and encrypter, it is possible to employ logic which can parse the data/signal transmissions by stretching time or space as stated above and throttling the rate at which the original desired data and/or the intentional errors are transmitted via the sub-channel.
Receiving Transmission with Sub-Channels
For the present disclosure, receiving the encrypted transmission of the sub-channels requires accepting the cypher text and decrypting this cypher text with the identical (symmetric) keys or public/private (asymmetric) key pairs. There are several techniques which allow for this type of encryption and decryption including those described in more detail as follows.
Because this transmission and associated data/signals have been scrambled, it may obfuscate currently used attack methods which utilize the public/private key pairs. Currently, asymmetric key pairs are being decrypted primarily using brute force techniques. These brute force methods are not normally very quick or wildly successful. However, these techniques are employed and can eventually accomplish their task. Brute force methods often use factoring or side channel attacks to search for repeating patterns in identical data. Because the present disclosure provides for destroying patterns in identical data, factoring and side channel attacks cannot function in the same manner and may prove to be completely ineffective and rendered worthless. By adding randomness to the sub-channels which essentially surround, further encrypt, protect, and cloak the actual encryption of the original transmission(s) another degree of randomness is provided that will required additional decipherment, thus changing the decryption paradigm.
In order to recover the intentionally introduced forward error, at least one data correction recovery function must be applied. This recovery function corrects the (intentionally erroneous) data and outputs plain text. One other feature needed, with the proper algorithm that is included as part of the present disclosure is a separate identification of the errors and the ability to produce an output that includes only these errors as an output. This technique includes one or more splitter functions in that there is a split accomplished between real data and the recovered errors. To further clarify, the recovered errors recovered with this technique should be the entire sub-channel—which is what was originally intentionally injected/infused as corrupted or erroneous data or into the original transmission.
Once the system has been developed and the encrypter and decrypter devices arranged to transmit and receive the transmission(s), it is possible to send additional data into a decoder (which functions as another splitter) so that random numbers can be split out and together with the initial error and splitter transmission stream. This random number generator/splitter can either inject/infuse data other than has been already involved in the original transmissions or utilize other data that is completely unrelated to the original data or signals originally sent. A third set of options is that this random splitter could provide temporal (time related), message authentication codes, user IDs and other data/signals which is related to the original data/signals.
In the manner described above, it is possible to hide repeating data with “true” randomness” by introducing additional chaos to the original transmissions which now require additional layers of decryption and/or decoding to arrive back to the original transmission(s). The system described here and in more detail according to the figures below, significantly strengthens the encryption by actually pre-scrambling the data using the sub-channel(s) and adding additional sub-channels on an as needed basis. The ability to add additional subchannels allows for adding additional randomness and further insulating the transmission so that third party attacks become increasing useless. In fact, if third party attacks are discovered, this system allows for increasing encryption “on the fly”—so that as decryption by an unauthorized third party occurs, further encryption can be “dialed up” or “ratcheted”.
While it is true that the devices and associated system described will expand the data size by approximately 30% (or more if additional levels of error correction are invoked), the technology for increasing computer micro-processing speeds and memory size is quickly making data size and speed of transmission of the data/signals a non-issue. The system described provides no pattern to the data or the pre-scramble locations. Specifically, without the system of the present disclosure, one can send the same data over and over again through the same cipher key and expect to receive the same cipher text as an output. Without the present system, this technique would provide clues about the original plain text and potentially knowledge regarding the cipher key. By using the techniques described herein and applying randomness to each transmission, the cipher text looks completely different for each transmission because the random number combined with repeating data values has changed the randomized data value before it is encrypted. Therefore the cipher text will be completely different for each transmission. Even though the same data is being repeatedly transmitted, the cipher text is randomly different. This leaves no avenue to infer the value of the original plain text or the cipher key. It is also possible that the entire system described herein can by itself be used as a sub-channel (by cascading the system in multiple configurations) for other transmission(s). If so employed, this might be at the expense of reducing “true or increased” randomness of the initially and intentionally introduced interference/noise/corrupted data.